Early Access — Mondoo Vulnerability Intelligence is currently in preview.
There is a denial of service vulnerability in the Content-Disposition parsingcomponent of Rack fixed in 2.0.9.2, 2.1.4.2, 2.2.4.1, 3.0.0.1. This could allow an attacker to craft an input that can cause Content-Disposition header parsing in Rackto take an unexpected amount of time, possibly resulting in a denial ofservice attack vector. This header is used typically used in multipartparsing. Any applications that parse multipart posts using Rack (virtuallyall Rails applications) are impacted.
1.5.2-11.5.2-1ubuntu0.1~esm11.5.2-3+deb8u3ubuntu1~esm21.5.2-3+deb8u3ubuntu1~esm31.5.2-3+deb8u3ubuntu1~esm41.5.2-3+deb8u3ubuntu1~esm61.5.2-41.6.4-21.6.4-31.6.4-3ubuntu0.11.6.4-3ubuntu0.21.6.4-3ubuntu0.2+esm11.6.4-3ubuntu0.2+esm21.6.4-3ubuntu0.2+esm41.6.4-41.6.4-4ubuntu0.11.6.4-4ubuntu0.21.6.4-4ubuntu0.2+esm11.6.4-4ubuntu0.2+esm21.6.4-4ubuntu0.2+esm42.0.6-32.0.7-22.0.7-2ubuntu0.12.0.7-2ubuntu0.1+esm12.0.7-2ubuntu0.1+esm22.0.7-2ubuntu0.1+esm32.1.4-32.1.4-42.1.4-52.1.4-5ubuntu12.1.4-5ubuntu1.12.1.4-32.1.4-42.1.4-52.1.4-5ubuntu12.1.4-5ubuntu1+esm22.1.4-5ubuntu1+esm32.2.4-31.5.2-11.5.2-1ubuntu0.1~esm11.5.2-3+deb8u3ubuntu1~esm21.5.2-3+deb8u3ubuntu1~esm31.5.2-3+deb8u3ubuntu1~esm41.5.2-41.6.4-21.6.4-31.6.4-3ubuntu0.11.6.4-3ubuntu0.21.6.4-3ubuntu0.2+esm11.6.4-3ubuntu0.2+esm21.6.4-41.6.4-4ubuntu0.11.6.4-4ubuntu0.21.6.4-4ubuntu0.2+esm11.6.4-4ubuntu0.2+esm22.0.6-32.0.7-22.0.7-2ubuntu0.12.0.7-2ubuntu0.1+esm12.0.7-2ubuntu0.1+esm2Exploitability
AV:NAC:LPR:NUI:NScope
S:UImpact
C:NI:NA:HCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H